Some more bizarre things happened today, 27th April, 2017. Not so bizarre, now
that I know that Internet shutdowns were common. This is definitely the first
internet shutdown that I have seen in the papers. Actually noticed. Kashmir now
has a block on 21 social networks for the next
month.
These are the social networks:

I just had to laugh when I saw Tumblr, Pinterest and Snapchat on that list.
Seriously, who is sharing even the anticipated objectionable
materials.

More bad
news
for LastPass’ security team and all users of a password manager that is either
Lastpass itself or something else. I have never been comfortable giving anyone
access to my passwords. Even if it is a metal box that no human being promises
to ever look at. Managing passwords on your own is slightly involved and often
irritating, but it is totally worth the risk. The one thing that I would
recommend that everyone do is: Keep assessing the amount of threat that you
are under of being attacked, and the worst case scenarios if you indeed get
attacked If you do this on a regular, unconscious level, then you will
eventually not have to actively think about what might happen. You are always
thinking about that.

A sample scenario: What happens if I left my computer unlocked for 10 minutes
and went somewhere and someone used the computer for 9 minutes during that
period. In that case, I would lose my RSA private keys and probably give them
access to all the servers I have access to (and have stored in my
~/.ssh/config for about 6 minutes if they are really fast at getting situated)
In 6 minutes, most servers can be taken down. They would still not have sudo
access on these servers, so they would have to run something like the fork bomb
which is easily solved by a reboot. The
Metakgp server takes about 16 minutes to
reboot, that’s a total down time of nearly 17-20 minutes at most. They would
also get my RSA private keys, which would mean that I would have to contact
someone to immediately remove my old keys and refresh them with new keys
everywhere. This might take considerably more time and effort and this is
probably the thing I would be most concerned about.

They might definitely be able to get a file-tree of my complete hard drive
(although that’s pushing it, because the last time I ran tree / it took 1.5
hours to complete. Yes, that’s 1 TB worth of files’ list). They might be able to
get some information, but it would still not be enough to do anything with.

But going into the browser, things escalate really quickly. If they don’t care
about my RSA keys, then within minutes with a decent internet connection, the
attacker should be easily able to cause havoc with my primary email account,
a Facebook account. Send out emails which will be very hard to explain, messages
that might be embarassing at the worst.

All in all, these threats are bad enough for me to force me to lock my computer
before leaving, even if it is just for a couple minutes.

You might note that I have also just assesed the threats for the case where
someone guesses or gets my computer’s login password from somewhere. The
problems and the scenarios would be the same.

So, keep assessing and thinking about how things could go wrong. Most of the
security stuff that I have realised have been in retrospect, and the
helplessness is rather crippling.